I need to create a script, which has to run also on computers which don’t have the ActiveDirectory Module installed. So I am using ADSISearcher instead of the usual AD cmdlets.
My goal is to get the MemberOf contents of computers. My company has multiple domains, which are all trusted. Since the computer might be in a different domain, I am searching the global catalogue (GC://) and not LDAP.
Here is what I have so far:
$root = [ADSI]("GC://DC=forest,DC=com") $search = [adsisearcher]$root $search.filter = "(&(objectclass=computer)(cn=computername))" $object = $search.findone() $computer = $object.getdirectoryentry() $computer.memberof
This woks fine if the computer is in the same domain as me. The membership is listed correctly.
But when the computer is in one of the other domains, I get to see only the universal groups where the PC is a member of, but not the other groups (domain local, global).
Any ideas how to see the complete membership?